This document explains in complete transparency the rules for implementing the processing of personal data carried out by the company KROMIOS. The protection of personal data and respect for the privacy of its customers are at the heart of the daily precautions of the SLEA Company. The SLEA Company, in its capacity as data controller, undertakes through this General Personal Data Protection Policy to:

- Ensure ethical and responsible use of your personal data;

- Comply with the provisions of law n°78-17 of January 6, 1978 relating to data processing, files and freedoms, known as the “Informatique et Libertés” law, the standards decreed by the CNIL and Regulation (EU) n° 2016/679 of April 27, 2016, known as “GDPR” from its entry into force on May 25, 2018;

- To detail the processing of personal data implemented as part of the daily activities of the KROMIOS Company;

- To guarantee you an effective exercise of your rights regarding the personal data concerning you.

The person responsible for the data processing implemented on the site at the url address: https://www.slea-shop.fr/, on the mobile application and on paper forms in stores and beauty institutes is: KROMIOS , Simplified Joint Stock Company with Associates, with capital of 10,200 euros, registered in the Trade and Companies Register of DRAGUIGNAN under number 833 616 402 , whose head office is located at 178, route de besse, 83340 FLASSANS. ; Web: kromios-cbd.fr

The SLEA Company has appointed a Data Protection Officer, known as “DPD” or “DPO” (Data Protection Officer), whose missions are in particular the following: - Ensure compliance with regulations regarding the protection of personal data;

- Keep a register of the processing implemented by the SLEA Company and ensure their compliance;

- Raise awareness among the SLEA Company teams;

- To be a specialized and privileged contact with the National Commission for Information Technology and Liberties (CNIL) and people concerned by the processing of personal data;

- To respond to requests from users wishing to exercise their rights concerning their personal data collected by the SLEA Company.


You can contact the SLEA DPO by writing to the following addresses:

- By post: SLEA – Data Protection Officer – 178 route de besse, 83340 FLASSANS;

- By email: contact@slealaboratoires.fr.

SLEA collects your personal data fairly and transparently through several collection points detailed below.

- In SLEA stores and beauty salons:

During a simple visit, a purchase in stores or a treatment in a SLEA beauty institute, SLEA staff may ask you to provide a certain amount of personal data concerning you, particularly in as part of an institute customer file, a cosmetovigilance file (Sheet to be completed in the event of an adverse effect linked to the use of a cosmetic product or treatment.) or a loyalty card form.

Complete information relating in particular to your rights, as arising from the Data Protection Act and the GDPR, is available on all SLEA COSMETIQUE collection forms.

- On the website www.slea-shop.fr:

By browsing our website, you may be required to provide us with personal data by completing the required fields on our online forms: creation of a customer account and membership of the loyalty card, subscription to our newsletter, customer service (monitoring of order, request for information, etc.), recruitment forms, etc.

Each form contains complete information relating in particular to your rights, as arising from the Data Protection Act and the GDPR.

A geolocation service also allows us to tell you the address of a store/perfumery or beauty institute near you as well as the availability of a service or product in the store. closer to you. This geolocation service also allows us to verify the identity of the person who ordered a product on our website and to deliver the product in store to this same person. You can freely choose whether or not to allow geolocation by clicking on the “allow” or “block” button when the authorization pop-up window appears on your screen.

We also use your browsing information which is recorded in files called “Cookies” installed on your computer. For more details on these files, we invite you to consult article 10 of this General Personal Data Protection Policy.

- Via our customer service:

You can contact our Customer Service:

- By post to the following address: SLEA COSMETIQUE - Customer service 178, route de besse, 83340 FLASSANS;
- Via the contact forms on our website www.slea-shop.fr.

- Via the social network Facebook.

- Via competitions:

The SLEA company regularly organizes competitions on social networks (Facebook and Instagram) and on websites accessible to the URL addresses created under its domain name “ www.slea-shop.fr”. In this context, we may collect your personal data for the organization of competitions, lotteries or any promotional operation, but also, on the basis of your free and informed consent (“opt-in” box), prospecting, loyalty operations, the development of commercial statistics, the transfer, rental or exchange of customer and prospect files.

- Via social networks:

SLEA suggests that you use social networks to improve commercial relationships and offer you targeted advertising offers on these networks:

- Facebook,
- Instagram,
- Twitter,
-Snapchat,
- Youtube.


The use of social networks to interact with SLEA (and including in particular the tools, the “share” buttons of Facebook, Instagram or Twitter) is likely to result in data exchanges between SLEA and these social networks.

SLEA invites you to carefully consult the personal data management policies of the various social networks to be aware of the personal data that may be transmitted by them.

If you do not want social networks to collect information about you when browsing the SLEA site, we advise you to disconnect from them before consulting the SLEA site or application.

The SLEA Company collects and processes your personal data for specific, explicit and legitimate purposes, which are as follows:

- On the legal basis of the execution of the contract entered into with SLEA COSMETIQUE:

- Management of your customer account, your shopping cart and your orders,
- Management of deliveries, order tracking, invoicing,
- Provision of accessible Customer Service:
By post to the following address: SLEA, Customer Service - 178, route de besse, 83340 FLASSANS
Via the contact forms on our website www.slea-shop.fr;

Via the social network Facebook.

- On the legal basis of your consent

- Sending targeted commercial offers by email, by SMS, on social networks or any other electronic medium,
- Management of the loyalty program,
- Organization of competitions,
- Geolocation,
- Collection of customer opinions and comments on the products or services marketed,
- Deposit of cookies to improve your navigation, personalize content on the site and offer you targeted advertising,
- Sharing your data with commercial partners,
- Management of customer complaints,
- Processing of applications that you send to SLEA in the “Recruitment” tab.

- On the legal basis of your consent

- Sending commercial offers by post,
- For the purposes of improving the customer experience:
Satisfaction surveys,
Management and online publication of stocks in your nearest store,
Management of your opinions and comments on the products or services marketed,
Audience measurements on the website and on the mobile application,

- Fight against fraud, particularly during online payment of order(s) and processing of reimbursement requests,
- Claims management by our brokers and insurers,
- Statistical analyses.

Your personal data may be transmitted to other recipients, who process your data on their behalf or to our subcontractors who process solely on our behalf and according to SLEA's instructions.

The recipients are:

- Our commercial partners (such as brands, marketing and advertising agencies),
- Police or judicial authorities in the context of requisitions, particularly in the fight against fraud.

The subcontractors used by SLEA are involved in the following operations:

- Monitoring of orders and transactions,
- Shipping orders,
- Inventory management,
- Customer relations and reporting,
- Collection and management of customer reviews,
- Secure payment on the site and the mobile application,
- Personalization of content of sites and mobile applications,
- Fight against fraud,
- Management of telephone calls, their recordings and sending letters by post,
- Commercial prospecting campaigns,
- Customer loyalty,
- Hosting of data and website,
- Technical maintenance and development operations of the website,
- Cookies and audience measurements,
- Receipt of applications.

Any natural person using the service has the right to exercise their rights of access, rectification, opposition and deletion to the processing of their data in accordance with articles 38 to 40 of the law of January 6, 1978.

Pursuant to Regulation 2016/679 of April 27, 2016, the natural person may exercise their right to limitation of processing, erasure of their data and portability from May 25, 2018.

These rights can be exercised with the company SLEA which collected the personal data in the following manner:

- By post, by writing to us at the following address:
SLEA COSMETIQUE Customer Relations Service – 178 route de besse, 83340 FLASSANS, indicating your name, first name, address, email and if possible customer reference in order to speed up the processing of your request.

- From the DPO by sending your request to the email address: contact@slealaboratoires.fr
The SLEA company sends a response within 2 months after exercising the right. This period will be reduced to 1 month from May 25, 2018, the date of entry into application of Regulation 2016/679 of April 27, 2016.

In the event of an unsatisfactory response, the person concerned has the option of contacting the CNIL.

Furthermore, the User may formulate directives relating to the conservation, erasure and communication of his personal data after his death in accordance with article 40-1 of law 78-17 of January 6, 1978. These guidelines may be general or specific.

In accordance with article 5e of regulation 2016/679 of April 27, 2016, personal data are only kept in a form allowing identification for a period which does not exceed the duration necessary for the purposes for which they are collected and processed.

As such, personal data is kept by SLEA according to precise rules that respect the rights and freedoms of individuals. The retention period will differ depending on whether the people concerned have made a purchase (customer) or not (prospect).

- For prospects: 3 years.
The retention period runs from the last prospecting sending for which the prospect is likely to be interested or from the prospect's last contact.

- For customers: 5 years.
The shelf life runs from the last purchase or contact with SLEA.
The data of any customer who has carried out a transaction dating back more than 5 years will not be retained by SLEA.

As data controller, SLEA takes all necessary precautions to preserve the security and confidentiality of data and in particular, prevent it from being distorted, damaged, or from unauthorized third parties having access to it.

In accordance with article 35 of law 78-17 of January 6, 1978, subcontractors undertake to respect the security and confidentiality of data.

In accordance with article 32 of regulation 2016/679 of April 27, 2016, SLEA undertakes to respect the security and confidentiality of data.

To do this, SLEA has defined a strict personal data security policy. This policy makes it possible in particular to:

General rules

- Use data encryption processes to protect any personal data files entering or leaving the SLEA information system,
- Secure workstations with unique identifiers and strong passwords,
- Limit the number of employees with access to personal data files (authorizations),
- Ensure that its own subcontractors comply with regulations on personal data,
- Regularly test the information system to verify its high level of security

Bank data

- Use of a certified service provider for payments by bank cards,
- Collection of your consent for the storage of your banking data (data deleted when the registered bank card expires)

In order to secure payments and deliveries and ensure optimal quality of service, the personal data collected on the site are also processed by SLEA to determine the level of fraud risk associated with each order and, if necessary, help to modulate the conditions of execution thereof.

SLEA uses your contact details to send you targeted advertisements in particular by email, postal mail, SMS or mobile notification and undertakes to respect the rules applicable to each prospecting channel.

By email and text message (article L.34-5 of the postal and electronic communications code)

- New customer: Express prior collection of their consent when creating their account (for offers from SLEA and its partners)
- Registered customer: Without prior consent for similar products or services already ordered.

In all cases, the Client may object to this prospecting:
- For email, by clicking on the unsubscribe link provided in each email or by going to your SLEA account in the newsletter section,
- For SMS, by sending a stop SMS to the number indicated therein or by going to your SLEA account in the newsletter section

By mobile applications

- Customer authorization required when first opening the mobile application

Disabling notifications via your smartphone settings.

By telephone

Unsubscription: Registration on the list opposing telephone canvassing accessible at www.bloctel.gouv.fr

The term cookie encompasses several technologies allowing navigation tracking or behavioral analysis of the Internet user. These technologies are multiple and constantly evolving. In particular, there are cookies, tags, pixels, Javascript code.

The http cookie, which is currently the most used technology, is a small text file recorded by the browser of your computer, tablet or smartphone and which allows user data to be retained in order to facilitate navigation and enable certain functionalities.

Information relating to the navigation of your terminal (computer, tablet, smartphone, etc.) may be recorded in "Cookies" files placed on your terminal, subject to the choices you have expressed concerning Cookies and that you can edit at any time.

Why does SLEA use cookies?

- Either to allow a client to collect browsing data on people visiting its website;
- Either to allow a client to display targeted advertisements on websites visited by Internet users;

Settings

- By the website visited

When browsing the websites, you must be able to configure your choices regarding cookies by clicking on the cookie banner. - By navigation software

You can configure your browser software so that cookies are saved on your terminal or, on the contrary, that they are rejected, either systematically or depending on their issuer. You can also configure your browser software so that you are offered the acceptance or refusal of cookies from time to time, before a cookie is likely to be stored on your terminal.

How to exercise your choices, depending on the browser you use?

For the management of cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your cookie preferences.

For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies,

For Safari™: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html,

For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647,

For Firefox™: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies,

For Opera™: http://help.opera.com/Windows/10.20/fr/cookies.html, etc.

5.2.3 Refusal of cookies online

SLEA may, upon instruction from its clients, transmit information to online targeting platforms in order to display targeted advertisements to individuals.

You have the possibility to oppose the deposit of cookies by accessing the website
http://www.youronlinechoices.com/fr/controler-ses-cookies/.

For more information regarding cookies, you can consult the CNIL website:
https://www.cnil.fr/fr/site-web-cookies-et-autre-traceurs